The proliferation of e-commerce and the simplification of Web site-creation technology have facilitated the escalation of identity theft, a crime that now affects millions of Americans and saps billions of dollars from U.S. businesses annually. Identity theft can affect a business's hard-won reputation and result in expensive litigation.
An effective authentication system is necessary for compliance with requirements to safeguard customer information, to reduce fraud, to inhibit identity theft, and to promote the legal enforceability of their electronic agreements and transactions. The risks of doing business with unauthorized or incorrectly identified persons in an online environment can result in financial loss and reputation damage through fraud, disclosure of customer information, corruption of data, or unenforceable agreements.
Positive authentication of a person's identity in a disconnected environment such as the internet is extremely difficult. Identity theft has been a common problem for several years and has been increasing.
In October 2005, the Federal Financial Institutions Examination Council agencies issued guidance entitled ‘Authentication in an Internet Banking Environment’. Since the issuance of the guidance, Internet-based fraud incidents have increased, particularly with respect to commercial accounts and the use of automated payment mechanisms (e.g., wire transfers and automated clearinghouse payments). The agencies are issuing the attached supplement to the guidance to reinforce the guidance's risk management framework and to update their expectations regarding customer authentication, layered security, and other controls in the increasingly hostile online environment.
Current available solutions all suffer from the same problem. While communication channels are secured, the actual identity of the person conducting the transaction is not known. Moreover, stronger authentication mechanisms such as one time password generators are too expensive for an organization with a large number of members to distribute and maintain.
Electronic agreements and online signature of documents are particularly venerable and potentially have larger consequences if a signature is fraudulent. With the increasing popularity and implementation of such signatures, an effective solution which positively confirms the identity of the signer is crucial.